CVEPublished 2022-11-231 article on news7 live referencesNVD data

CVE-2022-40303

Vulnerability data via CVEDB (Shodan)

CVSS v3.1
7.5
HIGH
EPSS percentile
97
Exploit Prediction Scoring System · top 3% of all CVEs
Description

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Timeline
Published 2022-11-23

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

More intel sources (5)

Known PoCs on GitHub (2)